Acronyms

ADC: Analog to Digital Converter
AES: Advanced Encryption Standard
AF: Air Force
AMS: Agile Mixed Signal
ARC: Ames Research Center
ARM: ARM Holdings Public Limited Company
Bayes Net: Bayesian Networks
BN: Bayesian Networks
CAN: Controller Area Network
CAN-FD: Controller Area Network Flexible Data-Rate
CCI: Cache coherent interconnect
Codec: a device or program that compresses data to enable faster transmission and decompresses received data
COF: chemistry of failure
COTS: Commercial Off The Shelf
CRC: Cyclic Redundancy Check
CSE: Communications Security Establishment
Csi2: Camera Serial Interface 2nd Generation
CU: Control Unit
DCU: Display Control Unit
DDR: Double Data Rate (DDR3 = Generation 3; DDR4 = Generation 4)
DEBUG: identify and remove errors from (computer hardware or software)
DMA: Direct Memory Access
DOA: dead on arrival
DSP: Digital Signal Processing
dSPI: Dynamic Signal Processing Instrument
Dual Ch.: Dual Channel
ECC: Error-Correcting Code
EDAC: error detection and correction
EEE: Electrical, Electronic, and Electromechanical
EMAC: Equipment Monitor And Control
epi: Epitaxy, the deposition of a crystalline overlayer on a crystalline substrate
ESD: electrostatic discharge
eTimers: Event Timers
FCCU: Fluidized Catalytic Cracking Unit
FlexRay: FlexRay Communication Controller
Gb: Gigabyte
GIC: Global Industry Classification
Gov't: Government
GPU: Graphics Processing Unit
GSFC: Goddard Space Flight Center
GSN: Goal Structuring Notation
GTH/GTY: Transceiver Type
HDIO: High Density Digital Input/Output
HDR: High-Dynamic-Range
HPIO: High Performance Input/Output
I/O: input/output
I2C: Inter-Integrated Circuit
JPEG: Joint Photographic Experts Group
JPL: NASA Jet Propulsion Laboratory
L2 Cache: independent caches organized as a hierarchy (L1, L2, etc.)
LEO: low earth orbit
LinFlex: Local Interconnect Network Flexible
L-mem: Long-Memory
LP: Low Power
M/L BIST: Memory/Logic Built-In Self-Test
MAIW: Mission Assurance Improvement Workshop
MBMA: model based mission assurance
MBSE: Model-Based Systems Engineering
MIPI: Mobile Industry Processor Interface
NAND: Negated AND or NOT AND
NASA: National Aeronautics and Space Administration
NEPP: NASA Electronic Parts and Packaging
NOR: Not OR logic gate
OCM: on-chip RAM
PCIe: Peripheral Component Interconnect Express
PCIe Gen2: Peripheral Component Interconnect Express Generation 2
POF: Physics of Failure
PS-GTR: PS-GTR is a type of transceiver
R&D: Research and Development
Rad Hard: radiation hardened
RAM: Random Access Memory
RGB: Red, Green, and Blue
RH: Radiation Hardened
RHA: Radiation Hardness Assurance
SAR: Successive-Approximation-Register
SATA: Serial Advanced Technology Attachment
SCU: Secondary Control Unit
SD/eMMC: Secure Digital embedded MultiMediaCard
SD-HC: Secure Digital High Capacity
SEE: Single Event Effect
SMMU: System Memory Management Unit
SOC: Systems on a Chip
SPI: Serial Peripheral Interface
SwaP: Size, weight, and power
SysML: System Modeling Language
TCM: tightly-coupled memory
TID: Total Ionizing Dose
TMR: triple-modular redundancy
T-Sensor: Temperature-Sensor
UART: Universal Asynchronous Receiver/Transmitter
USB: Universal Serial Bus
WDT: watchdog timer
Zipwire: Freescale Zipwire interface

Abstract

• As the space business rapidly evolves to accommodate a lower cost model of development and operation via concepts such as commercial space and small spacecraft (aka, CubeSats and swarms), traditional EEE parts screening and qualification methods are being scrutinized under a risk-reward trade space. In this presentation, two basic concepts will be discussed:
  - The movement from complete risk aversion EEE parts methods to managing and/or accepting risk via alternate approaches; and,
  - A discussion of emerging assurance methods to reduce overdesign as well as emerging model based mission assurance (MBMA) concepts.
• Example scenarios will be described as well as consideration for trading traditional versus alternate methods.

Outline

• The Changing Space Market
  - Commercial Space and “Small” Space
• EEE Parts Assurance
• Modern Electronics
  - Magpie Syndrome
• Breaking Tradition: Alternate Approaches
  - Higher Assembly Level Tests
  - Use of Fault Tolerance
• Mission Risk and EEE Parts
• Summary

Space Missions: How Our Frontiers Have Changed

• Cost constraints and cost “effectiveness” have led to dramatic shifts away from traditional large-scale missions (ex., Hubble Space Telescope).
• Two prime trends have surfaced:
  - Commercial space ventures where the procuring agent “buys” a service or data product and the implementer is responsible for ensuring mission success with limited agent oversight. And,
  - Small missions such as CubeSats that are allowed to take higher risks based on mission purpose and cost.
• These trends are driving the usage of non Mil/Aero parts such as Automotive grade and “architectural reliability” (aka, resilience) approaches.

CubeSats Launched (2000-2017)
679 Missions (!)
Michael Swartwout, "CubeSat Mission Success: 2017 Update (with a closer look at the effect of process management on outcome)," NASA Electronic Parts and Packaging (NEPP) Program, 2017 NEPP Electronics Technology Workshop, June 26-29, 2017.

CubeSat by Mission Type

EEE Parts Assurance

Assurance for EEE Parts

• Assurance is knowledge of
  - The supply chain and manufacturer of the product
  - The manufacturing process and its controls
  - The physics of failure (POF) and chemistry of failure (COF) related to the technology.
• Statistical process and inspection via
  - Testing, inspection, physical analyses and modeling.
    • Audits, process data analysis, electrostatic discharge (ESD), ...
• Test/Qualification/Screening methods
  - Understanding the application and environmental conditions for device usage.
    • This includes:
      - Radiation, Lifetime, Temperature, Vacuum, etc., as well as,
      - Device application and appropriate derating criteria.

Taking a Step Back...

[Diagram labels: Physics of failure (POF); Chemistry of failure (COF); Screening/Qualification Methods; Mission Reliability/Success]

It’s not just the technology, but how to view the need for safe insertion into space programs.

Reliability and Availability

• Reliability (Wikipedia)
  - The ability of a system or component to perform its required functions under stated conditions for a specified period of time.
    • Will it work for as long as you need?
• Availability (Wikipedia)
  - The degree to which a system, subsystem, or equipment is in a specified operable and committable state at the start of a mission, when the mission is called for at an unknown, i.e., a random, time. Simply put, availability is the proportion of time a system is in a functioning condition. This is often described as a mission capable rate.
    • Will it be available when you need it to work?
• Combining the two drives mission requirements:
  - Will it work for as long as and when you need it to?

What does this mean for EEE parts?

• The more understanding you have of a device’s failure modes and causes, the higher the confidence level that it will perform under mission environments and lifetime
  - High confidence = “it has to work”
    • High confidence in both reliability and availability.
  - Less confidence = “it may work”
    • Less confidence in both reliability and availability.
    • It may work, but prior to flight there is less certainty.

[Graphic: CONFIDENCE LEVEL gauge; legible labels: INDESTRUCTIBLE, INCREASING, FINE]

Traditional EEE Parts Approach to Confidence

• Part level screening
  - Electronic component screening uses environmental stressing and electrical testing to identify marginal and defective components within a procured lot of EEE parts.
• Part level qualification
  - Qualification processes are designed to statistically understand/remove known reliability risks and uncover other unknown risks inherent in a part.
    • Requires significant sample size and comprehensive suite of piecepart testing (insight) vs
      - high confidence

To be presented by Kenneth A. LaBel at SERESSA 2017 the 13th International School on the Effects of Radiation on Embedded Systems for Space Applications, Munich (Garching), Germany, October 23-26, 2017.

However, tradition doesn’t match the changing space market.
Alternate EEE parts approaches that may be “good enough” are being used. (Discussed later in presentation.)

Modern Electronics

A History Lesson
2015 Global Semiconductor Market: $335 Billion 


Percent of Semiconductor Sales by End Use 


PC/Computer Communications 
29.7% 34.1% 


Consumer 
13% Industrial/Gov’t 


Automotive 12.8% 


Source: WSTS End Use Report, 2015 
Note: Military is <1% and is included in Industrial/Gov't 


Military and Aerospace share is estimated at ~$3.1B in 2015. 
Aerospace is a small percentage of this amount. 
For comparison, in 1975 the Military and Aerospace market share was ~50%!

EEE parts are available in “grades”

• Grades - Designed, certified, qualified, and/or tested for specific environmental characteristics.
  - E.g., Operating temperature range, vacuum, radiation, exposure, ...
• Examples: Aerospace, Military, Space Enhanced Product, Enhanced Product, Automotive, Medical, Extended-Temperature-Commercial, and Commercial.
  - Aerospace Grade is the traditional choice for space usage, but has relatively few available parts and their performance lags behind commercial counterparts (Speed, power).
    • Designed and tested for radiation and reliability for space usage.
• NASA uses a wide range of EEE part grades depending on many factors (technical, programmatic, and risk).

The Magpie Syndrome: The Electrical Designer’s Dilemma

• Magpies are known for being attracted to bright, shiny things.
• In many ways, the modern electrical engineer is a Magpie:
  - They are attracted to the latest state-of-the-art devices and EEE parts technologies.
    • Usually any grade of EEE parts that aren’t qualified for space nor radiation hardened.
  - These bright and shiny parts may have very attractive performance features that aren’t available in higher-reliability parts:
    • Size, weight, and power (SwaP),
    • Integrated functionality,
    • Speed of data collection/transfer,
    • Processing capability, etc...

Example Magpie EEE Parts

[Block diagrams]
S32V234 Block Diagram: Advanced Driver Assistance System (ADAS) Sensor Fusion Processor (Freescale.com)
Xilinx Zynq UltraScale+ Multi-Processor System on a Chip (MPSoC), 16nm CMOS with Vertical FinFETs (Xilinx.com)

Gartner Hype Cycle - Reality of Shiny New Things

[Figure: Gartner Hype Cycle curve, expectations versus time, with phases Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, Plateau of Productivity. Source: http://www.gartner.com]

Magpie Constraints

• But Magpies aren’t designed for space flight
  - Just some aviary aviation at best!
• Sample differences include:
  - Temperature ranges,
  - Vacuum performance,
  - Shock and vibration,
  - Lifetime, and
  - Radiation tolerance.
• Traditionally, “upscreening” at the part level has occurred.
  - Definition: A means of assessing a portion of the inherent reliability of a device via test and analysis.
    • It’s not increasing reliability!
  - Note: Discovery of an upscreened part failure occurs regularly.

When Should a Magpie Fly?

• Mil/Aero alternatives are not available,
  - Ex., SWaP or functionality or procurement schedule,
• A mission has a relatively short lifetime or benign space environment exposure,
  - Ex., 3 month CubeSat mission in LEO,
• A system can assume possible unknown risks,
  - Ex., technology demonstration mission,
• Device upscreening (per mission requirements) and system validation are performed to obtain confidence in usage,
• System level assurances based on fault tolerance, higher assembly level test, and adequate validation are deemed sufficient.
  - This is a systems engineering trade that takes a multi-disciplinary review.
• As a pathfinder for future usage.
  - Out of scope for this talk: use of flight data for “qualification”.

Mission Risk and EEE Parts

Understanding Risk

• The risk management requirements may be broken into three considerations
  - Technical/Design - “The Good”
    • Relate to the circuit designs not being able to meet mission criteria such as jitter related to a long dwell time of a telescope on an object
  - Programmatic - “The Bad”
    • Relate to a mission missing a launch window or exceeding a budgetary cost cap which can lead to mission cancellation
  - Radiation/Reliability - “The Ugly”
    • Relate to mission meeting its lifetime and performance goals without premature failures or unexpected anomalies
• Each mission must determine its priorities among the three risk types

Graphic from Free Vector Art.

Background: Traditional Risk Matrix

[Figure: risk matrix of likelihood versus impact. Annotations:]
Risk Tolerance Boundary: Placed on the profile to reflect Corporate “Risk Appetite”
By adjusting the level of currency hedging, resources can be released to help fund improvements to protection of the production facility.
Caution Zone: Risks in the “yellow” area need constant vigilance and regular audit
Likelihood Scale: A: Very High  B: High  C: Occasional  D: Low  E: Very Low  F: Almost Impossible
Impact Scale: I: Catastrophic  II: Critical  III: Significant  IV: Marginal

Space Missions: EEE Parts and Risk

• The determination of acceptability for device usage is a complex trade space.
  - Every engineer will “solve” a problem differently:
    • Ex., software versus hardware solutions.
• The following chart proposes an alternate mission risk matrix approach for EEE parts based on:
  - Environment exposure,
  - Mission lifetime, and,
  - Criticality of implemented function.
• Notes:
  - “COTS” implies any grade that is not space qualified and radiation hardened.
  - Level 1 and 2 refer to traditional space qualified EEE parts.

Notional EEE Parts Selection Factors

[Matrix; axis label: Criticality. Legible cell text:]
- Level 1 or 2 suggested. COTS upscreening/testing recommended. Fault tolerant designs for COTS.
- Level 1 or 2, rad hard suggested. Full upscreening for
- COTS upscreening/testing recommended. Fault-tolerance recommended
- Rad hard suggested. COTS upscreening/testing recommended. Fault tolerance recommended

A Few Details on the “Matrix”

• When to test:
  - “Optional”
    • Implies that you might get away without this, but there’s residual risk.
  - “Suggested”
    • Implies that it is a good idea to do this, and likely some risk if you don’t.
  - “Recommended”
    • Implies that this really should be done or you'll definitely have some risk.
  - Where just the item is listed (like “full upscreening for COTS”)
    • This should be done to meet the criticality and environment/lifetime concerns.
• The higher the level of risk acceptance by a mission, the higher the consideration for performing alternate assembly level testing versus traditional part level.
• All fault tolerance must be validated.

Good mission planning identifies where on the matrix an EEE part lies.

Breaking Tradition: Alternate Approaches to EEE Parts Assurance

Assembly Testing: Can it Replace Testing at the Parts Level?

We can test devices, but how do we test systems?
Or better yet, systems of systems on a chip (SOC)?

NASA GSFC Picture of FPGA tester.

Not All Assemblies are Equal

• Consider two distinct categories of assemblies:
  - Off the shelf (you get what you get) such as COTS, and,
  - Custom (possibility of having specific “design for test”)
    • Still won’t be as complete as single part level testing, but it does reduce some challenges.
• For COTS assemblies, some specific concerns include:
  - Bill-of-materials may not include lot date codes or device manufacturer information.
  - Individual part application may not be known or datasheet unavailable.
  - The possible variances for “copies” of the “same” assembly:
    • Form, fit, and function EEE parts may mean various manufacturers, or,
    • Lot-to-lot and even device-to-device differences in reliability/availability.

Sample Challenges for Testing Assemblies

• Limited statistics versus part level approaches due to sample size.
• Inspection constraints.
• Reliability acceleration factors
  - Temperature testing limited to “weakest” part.
  - Voltage testing may be limited by on-board/on-chip power regulation.
• Limited test points and I/O = inadequate visibility of errors/failures/faults.
• Inadequate fault coverage testing.
• System operation.
  - Ex., Using nominal flight software versus a high stress test approach.
• Error propagation
  - An error occurs, but does not propagate outward until some time later due to system operations such as those of an interrupt register.
• Fault masking during radiation exposure
  - Too high a particle rate or too many devices being exposed simultaneously.

Using Fault Tolerance to Improve “Reliability/Availability”

• Operational
  - Ex., no operation in the South Atlantic Anomaly (proton hazard)
• System
  - Ex., redundant boxes/busses or swarms of nanosats
• Circuit/software
  - Ex., error detection and correction (EDAC) scrubbing of memory devices by an external device or processor
• Device (part)
  - Ex., triple-modular redundancy (TMR) of internal logic within the device
• Transistor
  - Ex., use of annular transistors for Total Ionizing Dose (TID) improvement
• Material
  - Ex., addition of an epi substrate to reduce Single Event Effect (SEE) charge collection (or other substrate engineering)

Good engineers can invent infinite solutions, but the solution used must be adequately validated.
It’s easy to show a working block diagram, it’s hard to provide sufficient validation details.

Possible Exceptions: Is Radiation Testing Always Required for COTS?

• Operational
  - Ex., The device is only powered on once per orbit and the sensitive time window for a single event effect is minimal
• Acceptable data loss
  - Ex., System level error rate (availability) may be set such that data is gathered 95% of the time.
    • Given physical device volume and assuming every ion causes an upset, this worst-case rate may be tractable.
• Negligible effect
  - Ex., A 2 week mission on space station may have a very low Total Ionizing Dose (TID) requirement.

A flash memory may be acceptable without testing if a low TID requirement exists or not powered on for the large majority of time.

Memory picture courtesy NASA/GSFC, Code 561

Is knowledge of EEE Parts Failure Modes Required To Build a Fault Tolerant System?

• The system may work, but is there adequate confidence in the system to meet reliability and availability after launch?
• In no particular order:
  - What are the “unknown unknowns”?
    • Can we account for them?
  - How do you adequately validate a fault tolerant system for space?
    • This is a critical point.
  - How do you calculate risk with unscreened/untested EEE parts?
  - Do you have a common mode failure potential in your design?
    • I.e., a design with identical redundant strings rather than having independent redundant strings.
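
Added example (not part of the original presentation): a minimal C model of the TMR and scrubbing ideas from the fault tolerance slide and of the common mode failure question above. It shows one upset being masked and repaired, two upsets accumulating when no scrub runs between them, and a fault common to all three copies passing the voter unnoticed. The memory layout, function names and sample word are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define WORDS  4
#define SAMPLE 0xCAFEF00Du   /* constructed sample data word */

/* Three redundant copies of one small memory (hypothetical layout). */
typedef struct { uint32_t copy[3][WORDS]; } tmr_mem;

/* Bitwise 2-of-3 majority vote, the core of TMR. */
static uint32_t vote3(uint32_t a, uint32_t b, uint32_t c) {
    return (a & b) | (a & c) | (b & c);
}

void tmr_fill(tmr_mem *m, uint32_t v) {
    for (int k = 0; k < 3; k++)
        for (size_t i = 0; i < WORDS; i++)
            m->copy[k][i] = v;
}

uint32_t tmr_read(const tmr_mem *m, size_t i) {
    return vote3(m->copy[0][i], m->copy[1][i], m->copy[2][i]);
}

/* Scrub pass: rewrite any copy that disagrees with the voted word.
 * Returns how many copy-words were repaired (a detection signal). */
int tmr_scrub(tmr_mem *m) {
    int repaired = 0;
    for (size_t i = 0; i < WORDS; i++) {
        uint32_t good = tmr_read(m, i);
        for (int k = 0; k < 3; k++)
            if (m->copy[k][i] != good) { m->copy[k][i] = good; repaired++; }
    }
    return repaired;
}

/* Model a single-event upset: flip one bit in one copy. */
void inject_seu(tmr_mem *m, int k, size_t i, unsigned bit) {
    m->copy[k][i] ^= (uint32_t)1u << bit;
}

/* One upset: the vote masks it and the scrubber repairs it.
 * Returns the repair count, or -1 if the read was already wrong. */
int single_upset_repaired(void) {
    tmr_mem m;
    tmr_fill(&m, SAMPLE);
    inject_seu(&m, 0, 2, 5);
    if (tmr_read(&m, 2) != SAMPLE) return -1;
    return tmr_scrub(&m);
}

/* Two upsets on the same bit in different copies. With a scrub in
 * between the data survives; without one the errors accumulate and
 * the voter silently returns the wrong word. Returns 1 if data is intact. */
int survives_two_upsets(int scrub_between) {
    tmr_mem m;
    tmr_fill(&m, SAMPLE);
    inject_seu(&m, 0, 2, 5);
    if (scrub_between) tmr_scrub(&m);
    inject_seu(&m, 1, 2, 5);
    return tmr_read(&m, 2) == SAMPLE;
}

/* Common mode fault: the same bit flips in all three identical copies.
 * The copies still agree, so the scrubber repairs nothing.
 * Returns 1 if the corruption went undetected. */
int common_mode_undetected(void) {
    tmr_mem m;
    tmr_fill(&m, SAMPLE);
    for (int k = 0; k < 3; k++) inject_seu(&m, k, 2, 5);
    int repaired = tmr_scrub(&m);
    return repaired == 0 && tmr_read(&m, 2) != SAMPLE;
}

int main(void) {
    printf("single upset, words repaired: %d\n", single_upset_repaired());
    printf("two upsets, scrubbed between: intact=%d\n", survives_two_upsets(1));
    printf("two upsets, no scrub:         intact=%d\n", survives_two_upsets(0));
    printf("common mode fault undetected: %d\n", common_mode_undetected());
    return 0;
}
```

The last two cases are the ones a block diagram does not reveal: both depend on upset rate, scrub interval and independence of the redundant strings, which is what validation has to establish.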

Bottom Line on Assembly Testing and Fault Tolerance

• While clearly ANY testing is better than none, assembly testing has limitations compared to the individual EEE part level.
  - This is a risk-trade that’s still to be understood.
  - No definitive study exists comparing this approach versus traditional parts qualification and screening.
• Fault tolerance needs to be validated.
  - Understanding the fault and failure signatures is required to design appropriate tolerance.
  - The more complex the system, the harder the validation is.

Model Based Mission Assurance (MBMA)

• Motivation
  - Commercial parts (COTS)
  - Document-centric work flow to model-based system engineering
  - System mitigation (for COTS)
  - Single source of system design parameters

Overview of Modeling Languages Used - Model Based Systems Engineering (MBSE)

SysML:
  • Specification of systems through standard notation
  • Added fault propagation paths
GSN:
  • Visual representation of argument
  • Goals, Strategies,
BayesNet:
  • Nodes describe probabilities of states
  • Calculate conditional probabilities from observations

Presented at NASA Electronic Parts and Packaging (NEPP) Technical Interchange Meeting (TIM), Vanderbilt University, Nashville, TN, August 29-30, 2017.

NEPP (w/ NASA MBMA Program)
Pieces to the puzzle (partial)

Emerging Architecture
Vanderbilt University Exemplars and Training for MBMA
Developing Requirements and Goals Web-based tool (SEAM) Vanderbilt University
NASA/GSFC (Campola) - Vanderbilt GSN Exemplar (SEE) - complete
Notional RHA Tool (R-GENTIC) TBD
NASA/GSFC (Xapsos) GSN Exemplar - EEE parts reliability
RHA Confidence Approach

COTS Data
GSFC
NEPP/Radhome data
(+ collaborations)
GSFC
IEEE REDW access
GSFC/JPL (new data)
CubeSat EEE Parts Testing

Understanding the Small Mission Universe
Saint Louis University
CubeSat Success Study
JPL
CubeSat EEE Parts Database Studies
Aerospace (proposed)
CubeSat Kit Vendor Survey

Best Practices (Process and Test)
NASA/GSFC (Campola)
Small Mission RHA
NASA/GSFC
Small Mission EEE Parts Best Practices
NASA/GSFC (Xapsos)
RHA Confidence Approach
GSFC
Board Level Testing and EEE Part Reliability
Knowledge Sharing JPL
Integration with S3VI Board Level Proton Testing
(NASA/ARC)
GSFC Tools for Radiation Reliability
ESA Small Mission RHA NASA/GSFC (Berg)
SEE Classic Reliability
Vanderbilt
Reliable less than MIL CREME Toolsuite
Aerospace (proposed) Vanderbilt
TBD Space Enhanced Performance BN Model + Integrating into SEAM
Resilience, autonomy (SEP) Electronics Grade Study NASA/GSFC (Xapsos)
RHA Confidence Approach

https://modelbasedassurance.org/

Summary

• In this talk, we have presented:
  - An overview of considerations for alternate EEE parts approaches:
    • Technical, programmatic, and risk-oriented
  - Every mission views the relative priorities differently.
• As seen below, every decision type may have a process.
  - It’s all in developing an appropriate one for your application and avoiding “buyer’s remorse”!

[Figure: Five stages of Consumer Behavior. Legible stages: Problem recognition (Perceiving a need); Information search (Seeking value); Evaluation of alternatives (Assessing value)]

P. Kotler and G. Armstrong, "Consider Purchase Decision Process Model Reference," Principles of Marketing, 2001.